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-The MAILING DA TE of this communication appears on the cover sheet with the correspondence address - 
THE REPLY FILED 26 September 2007 FAILS TO PLACE THIS APPLICATION IN CONDITION FOR ALLOWANCE. 

1 . S The reply was filed after a final rejection, but prior to or on the same day as filing a Notice of Appeal. To avoid abandonment of 

this application, applicant must timely file one of the following replies: (1) an amendment, affidavit, or other evidence, which 
places the application in condition for allowance; (2) a Notice of Appeal (with appeal fee) in compliance with 37 CFR 41 .31 ; or (3) 
a Request for Continued Examination (RCE) in compliance with 37 CFR 1.1 14. The reply must be filed within one of the following 
time periods: 

a) CI The period for reply expires months from the mailing date of the final rejection. 

b) The period for reply expires on: (1) the mailing date of this Advisory Action, or (2) the date set forth in the final rejection, whichever is later. In 
no event, however, will the statutory period for reply expire later than SIX MONTHS from the mailing date of the final rejection. 

Examiner Note: If box 1 is checked, check either box (a) or (b). ONLY CHECK BOX (b) WHEN THE FIRST REPLY WAS FILED WITHIN 

TWO MONTHS OF THE FINAL REJECTION. See MPEP 706.07(f). 
Extensions of time may be obtained under 37 CFR 1.136(a). The date on which the petition under 37 CFR 1.136(a) and the appropriate extension fee 
have been filed is the date for purposes of determining the period of extension and the corresponding amount of the fee. The appropriate extension fee 
under 37 CFR 1.17(a) is calculated from: (1) the expiration date of the shortened statutory period for reply originally set in the final Office action; or (2) as 
set forth in (b) above, if checked. Any reply received by the Office later than three months after the mailing date of the final rejection, even if timely filed, 
may reduce any earned patent term adjustment. See 37 CFR 1 .704(b). 
NOTICE OF APPEAL 

2. □ The Notice of Appeal was filed on . A brief in compliance with 37 CFR 41 .37 must be filed within two months of the date of 

filing the Notice of Appeal (37 CFR 41 .37(a)), or any extension thereof (37 CFR 41 .37(e)), to avoid dismissal of the appeal. Since 
a Notice of Appeal has been filed, any reply must be filed within the time period set forth in 37 CFR 41 .37(a). 
AMENDMENTS 

3. □ The proposed amendment(s) filed after a final rejection, but prior to the date of filing a brief, will not be entered because 

(a) D They raise new issues that would require further consideration and/or search (see NOTE below); 

(b) □ They raise the issue of new matter (see NOTE below); 

(c) □ They are not deemed to place the application in better form for appeal by materially reducing or simplifying the issues for 

appeal; and/or 

(d) Q They present additional claims without canceling a corresponding number of finally rejected claims. 

NOTE: . (See 37 CFR 1.116 and 41 .33(a)). 

4. □ The amendments are not in compliance with 37 CFR 1 .121 . See attached Notice of Non-Compliant Amendment (PTOL-324). 

5. □ Applicant's reply has overcome the following rejection(s): . 

6. □ Newly proposed or amended claim(s) would be allowable if submitted in a separate, timely filed amendment canceling the 

non-allowable claim(s). 

7. ^ For purposes of appeal, the proposed amendment(s): a) □ will not be entered, or b) E] will be entered and an explanation of 

how the new or amended claims would be rejected is provided below or appended. 
The status of the claim(s) is (or will be) as follows: 

Claim(s) allowed: . 

Claim(s) objected to: . 

Claim(s) rejected: 1-12. 14. 15.17. 19 and 20 . 

Claim(s) withdrawn from consideration: . 

AFFIDAVIT OR OTHER EVIDENCE 

8. □ The affidavit or other evidence filed after a final action, but before or on the date of filing a Notice of Appeal will not be entered 

because applicant failed to provide a showing of good and sufficient reasons why the affidavit or other evidence is necessary and 
was not earlier presented. See 37 CFR 1 .1 16(e). 

9. □ The affidavit or other evidence filed after the date of filing a Notice of Appeal, but prior to the date of filing a brief, will not be 

entered because the affidavit or other evidence failed to overcome all rejections under appeal and/or appellant fails to provide a 
showing a good and sufficient reasons why it is necessary and was not earlier presented. See 37 CFR 41 .33(d)(1). 

10. □ The affidavit or other evidence is entered. An explanation of the status of the claims after entry is below or attached. 
REQUEST FOR RECONSIDERATION/OTHER 

1 1 . The request for reconsideration has been considered but does NOT place the application in condition for allowance because: 
See Continuation Sheet. 

12. □ Note the attached Information Disclosure Statement(s). (PTO/SB/08) Paper No(s). . 

13. □ Other: . 
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Continuation of 1 1 . does NOT place the application in condition for allowance because: Examiner asserts that the limitation incorporated 
into the respective Independent claims 1 , 5 and 7 are disclosed by the reference on the record. 

Independent claims 1, 5 and 7 are amended to incorporate the following limitation which were part of the canceled dependent claims 13, 
16 and 18. • 

"wherein the security association re-use policy controls the set of trusted endpoints to comprise fewer than all of the endpoints that 
securely communicate with the node"; 

"wherein the security association re-use policy limits the selection of identifiers for inclusion into the trusted endpoint list to less than all of 
the endpoints that securely communicate with the node" and 

"wherein the security association re-use policy limits the inclusion of end-points in the trusted end-point list to less than all of the endpoints 
that securely communicate with the network device;" 

Examiner searched the disclosure for understanding the above limitation and found no support in the specification. In particular the 
comparison terms used in the claims such as "fewer than", "less than" are not found in the specification at all. 

However on page 8 of applicant's disclosure the following has been disclosed which the examiner assumed to be the intention and the 
meaning of the above limitations. 

"Once the SA has been obtained, it is stored in the SA table 36, and is used during subsequent communications until changed or 
discarded. The SA table 36 stores a number of entries, each entry including an identifier of the communication link, and the SA associated 
with the communication link. As mentioned previously, the identifier may be a node identifier or a group identifier (for example a VPN 
identifier). The SA table 36 is a superset of the SA table 33 stored in memory 34. Also included in the SA logic 32 is a list of trusted 
endpoints 35. The list of trusted endpoints is a list of links (comprised of node identifiers or group identifiers) which are 'trusted' by the 
node 30; i.e., those endpoints that are well known to the node and communicate with the node on a regular basis, and thus will be allowed 
to 're-use' their last negotiated security association in the event of a power reset at the node. The selection of endpoints as 'trusted* 
endpoints that are permitted to re-use their security association depends upon the particular policy that a corporation or enterprise that 
owns the network sets up, and is flexible and tailored to the particular needs of the corporation. For example, certain fixed end nodes such 
as branch offices or remote offices which should always normally be connected to the corporation via a VPN could be designated as 
'always trusted* by the reuse policy. The remote offices are intended to be normally connected to the network via the VPN, are well known 
and fixed, and may be able to always use the fast re-use of security associations. In addition, telecommuters who log on regularly to the 
corporation may be designated as trusted depending on a configurable rules set based on the number of times and durations of 
connections in a past time period." 

Furthermore on page 9, the following has been disclosed by the applicant's disclosure. 

"The list of trusted endpoints is used to select a subset of entries from the SA table 36 for maintenance the SA table 33 of memory 34. 
Periodically the entries from the SA table 36 are copied to the SA table 33. This copying may occur upon the creation or re- keying of each 
SA, or alternatively the table may be backed up at periodic intervals to reflect changes in network configuration." 
In view of the above understanding, for the purpose of examination the office interprets the applicant's limitation as "the set of security 
associations includes only the security associations for a set of trusted endpoints." 

As examiner pointed out in the final office action, this is something which is already disclosed by the combination of the reference/s on the 
record. For instance, Examiner would like to point out that the secondary reference on the record, Mercer on paragraph 0026 discloses the 
following. 

"In order to establish the IPSec SA, the first 1 10 and second 1 14 gateway computers must agree upon an encryption algorithm, an 
authentication algorithm, and have a shared session key. The first 1 10 and second 114 gateway computers must also provide each other 
with the appropriate SPI value 310, 410 to include in the IPSec header portion 304, 404. And all these information/s meet the limitation 
recited as 'security association re-use policy of the node'. When this is done, the IPSec SA has been established, and the first 110 and 
second 1 14 gateway computers store the SA in respective Security Association Databases (SADs) 116, 118." 

Furthermore, Examiner would also like to point out that, Mercer on paragraph 0025, discloses the following. "To establish an IKE 
SA, the first 1 10 and second 1 14 gateway computers exchange digital certificates, which have been digitally signed by a trusted third party 
certificate authority 115. Thereafter, when the IKE session becomes active, the first 1 10 and second 1 14 gateway computers can establish 
the IPSec SA". And on paragraph 0026, the following has been described. "When this is done, the IPSec SA has been established, and 
the first 1 10 and second 1 14 gateway computers store the SA in respective Security Association Databases (SADs) 116, 118." And nodes 
digitally signed by a trusted third party are trusted nodes and meets the limitation of "wherein the set of security associations includes only 
the security associations for endpoints nodes that are trusted by the node. 

However if applicant's intention is otherwise then the limitations incorporated in the respective independent claims have to be written in 
such a way they are not only provide a well defined meaning but also supported by the applicant's disclosure. In particular terms like 
"fewer than", "less than" are not found in the specification at all. 

Though the application has allowable subject matter, the independent claims have not yet been written to include such limitation in a clear 
and non-ambiguous form. 
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